XZ backdoor in a nutshell
Posted by Possibly linux@lemmy.zip to Linux@lemmy.ml · English · 1 year ago · image (lemmy.zip) · 136 comments · +593 / -5
Amju Wolf@pawb.social · 1 year ago · +5
Packages or dependencies with only one maintainer that are this popular have always been an issue, and not just a security one. What happens when that person can’t afford to or doesn’t want to run the project anymore? What if they become malicious? What if they sell out? Etc.
https://xkcd.com/2347
slazer2au@lemmy.world · 1 year ago · +1
What if the repository becomes stupid and takes a package away from a developer, and said developer deletes his other packages? See left-pad.